Skip to content

Update functions.php for Caddy #1210

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
lilrags16 wants to merge 1 commit into from
Closed

Update functions.php for Caddy #1210

lilrags16 wants to merge 1 commit into from

Conversation

@lilrags16
Copy link

@lilrags16 lilrags16 commented Apr 12, 2025

This change gets the left most IP address from the X-Forward-For header. This is required to get the right IP easily from Caddy. Tested and working.

@lilrags16
Update functions.php for Caddy
b80065a 
This change gets the left most IP address from the X-Forward-For header. This is required to get the right IP easily from Caddy. Tested and working.
github-actions[bot]
github-actions bot reviewed Apr 12, 2025
View reviewed changes
Copy link

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hello & Welcome! :)

Thanks for taking the time to help improve ITFlow. We're excited to review your contributions - we'll review this PR as soon as we can!

Whilst you're waiting, please feel free to check out the forum.

Just so you know, all contributions to ITFlow are licensed under the GNU GPL. By contributing you grant us a perpetual & irrevocable license to include your work in ITFlow.

@sonarqubecloud
Copy link

sonarqubecloud bot commented Apr 12, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@lilrags16
Copy link
Author

lilrags16 commented Apr 22, 2025

@johnnyq what is the process for getting PRs included upstream?

@git-kup
Copy link
Contributor

git-kup commented Apr 22, 2025

@johnnyq what is the process for getting PRs included upstream?

https://docs.itflow.org/contribute

@johnnyq
Copy link
Collaborator

johnnyq commented Apr 22, 2025

how will this affect users not using Caddy?

@lilrags16
Copy link
Author

lilrags16 commented Apr 22, 2025

If someone is using the CONST_GET_IP_METHOD == "HTTP_X_FORWARDED_FOR" value in there config, it will always set the IP that ITFlow logs as the leftmost IP presented in a list of comma separated IPs.

Case 1 - Not using config value, not using caddy- No changes to use
Case 2 - Using config value, but reverse proxy only passes on IP: No effective change as the left most of a list of one is still the same
Case 3 - Caddy w/ Value set: The actually client IP is passed through correctly.

wrongecho pushed a commit that referenced this pull request Jun 10, 2025
Update how functions.php gets the remote IP address for logging
f2bbc17 
- Builds on PR #1210 to always get the leftmost IP address
- Cloudflare (HTTP_CF_CONNECTING_IP) must now be explicitly defined, otherwise people could add the HTTP_CF_CONNECTING_IP header to a non-Cloudflare host and spoof IPs
- Tidy up the if/else logic a little
@wrongecho wrongecho mentioned this pull request Jun 10, 2025
Merged
@wrongecho
Copy link
Collaborator

wrongecho commented Jun 10, 2025

@lilrags16 - Thanks for raising this, sorry it's taken so long to get some traction.
There's a merge conflict now but I've incluided your changes in #1222 amongst other things. We should always be grabbing the left-most IP if we're told there's a proxy in place.
@johnnyq I've raised it as a PR into develop rather than a straight commit just to make you aware of it - it's worth testing across a variety of deployments (including the develop branch when its merged). It works fine on my local box and on my dev Hestia which has HTTP_X_FORWARDED_FOR defined.

@wrongecho wrongecho closed this Jun 10, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@lilrags16 @git-kup @johnnyq @wrongecho